News
News
6/8/2006
01:43 PM
Connect Directly
RSS
E-Mail
50%
50%

Weird 'Ghost Spam' Testing Addresses

The messages are unusual because the message body is a mix of HTML and apparently random numbers. Security researchers say it's probably some hackers testing their mailing lists, meaning an attack may be in the offing.

A wave of strange e-mails with strings of numbers as their only message are most likely a spammer's or hacker's test of his mailing list, several security companies concluded Thursday, and may presage a junk mail campaign or a malware attack.

The messages, which Panda Software characterized as "ghost mail," are unusual in that the send and from fields are the recipient's own address, that the subject heading is a number -- 455, 557, 56757, 586876, or 1545453 -- and the message body is a mix of HTML and apparently random numbers.

Unlike most malicious mail or spam, these do not include a file attachment (the usual way e-mail is used to deliver worms or Trojan horses), nor do they include an embedded link, as do phishing messages.

"The most likely scenario is that a group of hackers are checking the validity of e-mail address databases," said Luis Corrons, director of Panda's research, in a statement. "By sending these messages they can determine if the addresses are active or not and remove those that are no use."

If that's the case, Corrons went on, it implies that the cyber crook is cleaning up list mailing list prior to sending phishing spam or to distribute known or unknown malware.

Rival security company Symantec provided more detail in an alert issued to customers of its DeepSight Threat Management System.

In the warning, Symantec researchers said that the messages were being cranked out by a new version of "Tooso," a Trojan first discovered in February 2005.

"Tooso, like many other families of malicious code, contains an update mechanism that consists of polling a set of hardcoded URLs for a file to be downloaded and executed," Symantec wrote in its alert. "Shortly before these spam messages were received, the Tooso author made an update live on several of the URLs that Tooso has been polling."

Symantec's researchers said that they had confirmed that the new Tooso generated spam in the number-based format of the mail wave.

"It is clear that Tooso is attempting to verify harvested email addresses," the warning continued. "Upon infection, it is polling a several web sites for email addresses to test. It then attempts to spam these addresses, and reports all addresses that did not result in an SMTP error to another script."

Users of Gmail -- the free e-mail service run by Google -- have theorized that the attack was directed at them since because the mail is spoofed to appear to be from the recipient, it's slipping past the filters and ending up in the "Sent messages" folder.

Symantec countered, saying that it was unlikely because the spam is also being received by non-Gmail users.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.